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June 19, 2019 


The Honorable Walter G. Copan 
Director 

National Institute of Standards and Technology 
100 Bureau Drive 
Gaithersburg, MD 20899 

Dear Director Copan: 

I write to ask that the National Institute of Standards and Technology (NIST) create and publish 
guidance describing how individuals and organizations can safely share sensitive documents 
with others over the internet. Government agencies routinely share and receive sensitive data 
through insecure methods - such as emailing .zip files - because employees are not provided the 
tools and training to do so safely. 

As you know, it is a routine practice in the government, and indeed the private sector, to send by 
email password-protected .zip files containing sensitive documents. Many people incorrectly 
believe that password-protected .zip files can protect sensitive data. Indeed, many password- 
protected .zip files can be easily broken with off-the-shelf hacking tools. This is because many 
of the software programs that create .zip files use a weak encryption algorithm by default. While 
secure methods to protect and share data exist and are freely available, many people do not know 
which software they should use. 

Given the ongoing threat of cyber attacks by foreign state actors and high-profile data breaches, 
this is a potentially catastrophic national security problem that needs to be fixed. The 
governmenf must ensure that federal workers have the tools and training they need to safely 
share sensitive data. To address this problem, I ask that NIST create and publish an easy-to- 
understand guide describing the best way for individuals and organizations to securely share 
sensitive data over the internet. 

If you have any questions about this request, please contact Chris Soghoian in my office. 


Sincerely, 



Ron Wyden 
United States Senator 
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